HP ProCurve 9304M Security Manual page 93

Routing switches

Hide thumbs Also See for ProCurve 9304M:

Management and configuration manual (690 pages)

Installation and configuration manual (504 pages)

Installation and getting started manual (348 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

page of 172

/ 172
Contents
Table of Contents
Bookmarks

Table of Contents

Figure 4.5

Multiple hosts connected to a single 802.1X-enabled port

The way the HP device authenticates Clients in a multiple-host configuration depends on the software release

running on the device:

•

In releases prior to 07.8.00, services are provided on a port based on the authentication of a single Client.

When one Client is successfully authenticated, all hosts connected to the port are allowed access to the

network. The HP device forwards traffic from all of the connected hosts for as long as the authenticated Client

stays connected. When the authenticated Client disconnects from the network, authentication is removed for

the other connected hosts as well.

•

Starting in release 07.8.00, if there are multiple hosts connected to a single 802.1X-enabled port, the HP

device authenticates each of them individually. Each host's authentication status is independent of the

others, so that if one authenticated host disconnects from the network, it has no effect on the authentication

status of any of the other authenticated hosts.

By default, traffic from hosts that cannot be authenticated by the RADIUS server is dropped in hardware. You

can optionally configure the HP device to assign the port to a "restricted" VLAN if authentication of the Client

is unsuccessful.

How 802.1X Multiple-Host Authentication Works (Release 07.8.00 and Later)

In release 07.8.00 and later, when multiple hosts are connected to a single 802.1X-enabled port on an HP device

(as in Figure 4.5), 802.1X authentication is performed in the following way:

1. One of the 802.1X-enabled Clients attempts to log into a network in which an HP device serves as an

Authenticator.

2. The HP device creates an internal session (called a dot1x-mac-session) for the Client. A dot1x-mac-

session serves to associate a Client's MAC address and username with its authentication status.

June 2005

Clients/Supplicants running 802.1X-compliant client software

Configuring 802.1X Port Security

RADIUS Server

(Authentication Server)

HP Device

(Authenticator)

Hub

4 - 7

Table of Contents

This manual is also suitable for:

J4139aProcurve 9308mJ4874a Procurve 9408sl J4138a J8680a ... Show all

HP ProCurve 9304M Security Manual page 93

Related Manuals for HP ProCurve 9304M

Related Products for HP ProCurve 9304M

This manual is also suitable for:

Table of Contents